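#!/bin/sh
# Extract useful data from an auth log: which remote hosts and which user
# names show up in the PAM entries, ranked by how often each one occurs.
#
# Usage: sh SCRIPT [LOGFILE]        (LOGFILE defaults to ./bigauthlog)
#
# Files written in the current directory:
#   fails, names                      raw host / user-name lists, one per entry
#   hail-marys-by-frequency.txt       hosts, most frequent first
#   hail-mary-users-by-frequency.txt  user names, most frequent first
#   hail-mary-singles.txt             every log line containing "error"
#   hail-marys-raw.txt                copy of the input log
#
# The field numbers used below fit lines shaped like these (constructed
# samples, documentation addresses):
#   Nov 19 15:04:22 gw sshd[1]: error: PAM: authentication error for alice from 192.0.2.10
#   Nov 19 15:04:23 gw sshd[2]: error: PAM: authentication error for illegal user bob from 192.0.2.11
# NOTE(review): that layout is inferred from the field numbers; confirm it
# against the real log before trusting the columns.
#
# Caveat: the user name is supplied by the remote client. A name containing
# blanks shifts every later field, so an entry can land in the wrong column.
# Treat the rankings as indicative and go back to hail-marys-raw.txt before
# acting on a single host or name.

# Read one item per line on stdin; write "COUNT ITEM" lines, highest count first.
count_by_frequency() {
  # The first sort only groups identical lines for uniq. The last sort uses -n
  # so counts are compared as numbers: a plain text sort depends on the locale
  # and on how wide uniq pads the count column, and can rank 9 above 10.
  LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -rn
}

# Build all statistics files from the log named in $1 (default: bigauthlog).
# Returns 0 on success, non-zero if the log is unreadable or a step fails.
main() {
  log=${1:-bigauthlog}

  # Fail once, clearly, instead of producing empty statistics files.
  if [ ! -f "$log" ] || [ ! -r "$log" ]; then
    printf '%s: cannot read log file: %s\n' "${0##*/}" "$log" >&2
    return 1
  fi

  # first, host names ("illegal user NAME" entries carry two extra words, so
  # the host sits in field 15 there and in field 13 otherwise)
  echo Extracting host names into statistics file
  awk '/PAM/ && /illegal/ { print $15 }' < "$log" > fails || return
  awk '/PAM/ && !/illegal/ { print $13 }' < "$log" >> fails || return
  count_by_frequency < fails > hail-marys-by-frequency.txt || return

  # next, statistics on user names (field 11, or field 13 after "illegal user")
  echo Extracting user names into statistics file
  awk '/PAM/ && !/illegal/ { print $11 }' < "$log" > names || return
  awk '/PAM/ && /illegal/ { print $13 }' < "$log" >> names || return
  count_by_frequency < names > hail-mary-users-by-frequency.txt || return

  # separate out one part of the attempts for counting
  grep error < "$log" > hail-mary-singles.txt
  rc=$?
  # grep exits 1 when nothing matched; only a status above 1 is a real failure.
  if [ "$rc" -gt 1 ]; then
    return "$rc"
  fi

  # copy big log to a better text file name
  cp -- "$log" hail-marys-raw.txt
}

main "$@"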

